7/30/2019 Improvement in Routing Mechanism for Mobile Ad Hoc Networks
1/12
Improvement in Routing Mechanism for Mobile Ad hoc Networks
Guided By: Prof. Your Guide Name, Designation
Submitted By: Bhaumik Patel, 3rd Sem, M. E. (CE)
MODASA
ACKNOWLEDGEMENT
I am thoroughly thankful to Your Guide Name for providing me with the opportunity and the right
direction to study and present something new and interesting about MANET security,
specifically about the AODV routing protocol.
Bhaumik Patel
1. Abstract
Today, new applications of mobile ad hoc networks (MANETs), including wireless sensor networks,
ubiquitous computing and peer-to-peer applications, introduce a need for strong privacy
protection and security mechanisms.
To provide protection in wireless communication between mobile nodes in a hostile
environment, security is the primary and fundamental issue. Compared to wired networks, MANETs
face several problems in security design due to the lack of infrastructure, open peer-to-peer
network architecture, shared wireless medium, limited resources and highly dynamic
network topology. Despite these challenges, security must provide protection in MANETs while
keeping desirable network performance.
Here I would like to focus on fundamental security problems and possible solutions in MANETs,
with a review of the state-of-the-art security proposals suggested in this area.
MANET routing protocols have been developed without security in mind. In most of
them it is assumed that all the nodes in the network are friendly and trusted. I consider the
problem of incorporating a security mechanism into routing protocols for ad hoc networks. I look
at AODV (Ad-hoc On-demand Distance Vector) in detail and examine the possibility of developing
a security mechanism to protect its routing information.
AODV is one of the most widely used routing protocols and is currently undergoing extensive
research and development. AODV is reactive, which means that it builds routes only when they
are first needed. AODV is based on distance vector routing, but the updates are shared not on a
periodic basis but on demand. The control packets contain a hop count and a
sequence number field that identifies the freshness of routing updates. As these fields are
mutable, they create a potential vulnerability that is frequently exploited by malicious nodes to
advertise better routes. Similarly, transmission of routing updates also discloses vital information
about network topology, which is again a potential security hazard. So here I will focus
first on various possible security flaws and then on possible security solutions for AODV.
Secure AODV (SAODV) is an extension of the AODV routing protocol that can be used to protect the
route discovery mechanism, providing security features like integrity and authentication. Two
mechanisms are used to secure the AODV messages: digital signatures to authenticate the non-
mutable fields of the messages, and hash chains to secure the hop count information (the only
mutable information in the messages). For the non-mutable information, authentication is
performed in an end-to-end manner, but the same kind of technique cannot be applied to the
mutable information. The information relating to the hash chains and the signatures is transmitted
with the AODV message as an extension message.
2. Introduction
MANETs have two unique characteristics: self-configuration and self-maintenance capabilities.
The existing security solutions for wired networks cannot be directly applied to MANETs.
In addition, the self-organization property is assumed in MANETs, which is the ability of a mobile ad
hoc network to work without any external management or configuration.
Security in MANETs is very difficult to achieve due to link vulnerabilities, the limited physical
protection of each of the nodes, the sporadic nature of connectivity, the dynamically changing
topology, the absence of certification authorities and the lack of a centralized monitoring or
management point.
In MANETs, there is nothing like a clear line of defense or boundary which separates the inside of
the network from the outside world. On the other side, the existing ad hoc routing protocols, such as
AODV (Ad hoc On-demand Distance Vector) and DSR (Dynamic Source Routing), assume a
trusted and cooperative environment, which makes it very easy to attack MANETs.
Security never comes for free. Adding more security features into mobile wireless networks
increases computation, communication and management overhead. In addition, network
performance in terms of scalability, service availability, robustness and so on becomes a key
factor in resource-constrained ad hoc networks. In fact, both dimensions, security strength and
network performance, are equally important, and achieving a good trade-off between these two is
itself one fundamental challenge in security design for MANETs.
3. Attacks
Attacks on MANETs fall into two classes:
Attacks on the basic mechanisms, such as routing.
Attacks on the security mechanisms, such as key management.
The main vulnerabilities of the basic mechanisms are that nodes can be easily captured and compromised,
communication is performed over the air, algorithms are assumed to be cooperative and routing
mechanisms are more vulnerable in ad hoc networks.
The main vulnerabilities of the security mechanisms are that a public key can be maliciously
replaced, some keys can be compromised, a trusted server can be controlled, etc.
3.1 Attacks on network-layer operations
The two major network-layer operations in MANETs are ad hoc routing and data packet
forwarding. Both operations are vulnerable to malicious attacks. Based on that, there are two
categories of attacks: routing attacks and packet forwarding attacks.
In routing attacks on AODV, an attacker may advertise a route with a smaller distance than its actual
distance to the destination, or advertise routing updates with a large sequence number and thereby
invalidate all the routing updates from other nodes. So there is a need to identify and defeat more subtle and
sophisticated routing attacks.
Packet forwarding attacks do not disrupt the routing protocol. Instead they cause data packets to
be delivered in a way that is intentionally inconsistent with the routing states. For example, an
attacker along an established route may drop the packets, modify the contents of the packets or
duplicate the packets it has already forwarded.
4. Review of state-of-the-art security proposals for MANETs
There are two approaches to security in MANETs: proactive and reactive. Both approaches
have their own advantages and are suitable for addressing different issues of MANET security.
For example, most secure routing protocols take the proactive approach, while the reactive approach is
widely used to protect packet forwarding operations.
In addition to these, security encompasses three main components: prevention, detection and
reaction. In MANETs, the prevention component is mainly achieved by secure ad hoc routing
protocols that prevent the attacker from installing incorrect routing states at other nodes. These
protocols are based on earlier ad hoc routing protocols like DSR, AODV and DSDV (Destination-Sequenced
Distance Vector) and employ different cryptographic primitives (e.g. HMAC, digital
signatures, hash chains) to authenticate the routing messages.
Detection observes abnormal behavior of malicious nodes, if any. Once an attacker node is
detected, the reaction component makes adjustments in routing and forwarding operations.
4.1 Network Layer Security
According to earlier proposals, network layer security has two categories: secure ad hoc routing
protocols and secure packet forwarding protocols. Here I would like to discuss only secure ad
hoc routing protocols and their possible solutions, because not much work has been done in this area.
There are several cryptographic primitives for message authentication, the essential component
in any security design, such as message authentication codes (e.g. HMAC), digital signatures and hash
chains.
4.1.1 Secure Ad hoc Routing
This takes the proactive approach and enhances the existing ad hoc routing protocols, such as
DSR and AODV, with security extensions. In these protocols, each mobile node proactively
signs its routing messages using the cryptographic authentication primitives described above.
This way, collaborating nodes can efficiently authenticate the legitimate traffic and differentiate
the unauthorized packets of outsider attackers.
The following are the two major types of routing protocols.
Source Routing
The main challenge is to ensure that each intermediate node cannot remove existing nodes from
the route or add extra nodes to the route. The basic technique is to attach a per-hop authenticator
for the source routing forwarder list, so that any altering of the list can be immediately detected.
A secure extension of DSR is Ariadne, which uses a one-way HMAC key chain for
message authentication.
Distance Vector Routing
For DVR protocols such as AODV and DSDV, the main challenge is that each intermediate
node has to advertise the routing metric correctly. For example, when hop count is used as the
routing metric, each node has to increase the hop count by exactly one. A hop count hash chain is
devised so that an intermediate node cannot decrease the hop count in a routing update. Note that
a hash chain for this purpose does not need time synchronization, unlike the one-
way HMAC key chain used for authentication.
In general, most of the attacks on a routing protocol can be classified as:
Non-forwarding
Traffic deviations
Lack of error messages
Frequent route updates
Route modification
Finding an efficient solution to these problems in an open ad hoc environment is still an open
issue.
5. AODV Protocol
Ad-hoc On-Demand Distance Vector (AODV) is inherently a distance vector routing protocol
that has been optimized for ad-hoc wireless networks. It is an on-demand protocol, as it finds
routes only when required, and is hence also reactive in nature. AODV borrows its basic route
establishment and maintenance mechanisms from the DSR protocol and hop-to-hop routing
vectors from the DSDV protocol. To avoid the problem of routing loops, AODV makes
extensive use of sequence numbers in control packets. When a source node intends to
communicate with a destination node whose route is not known, it broadcasts a RREQ (Route
Request) packet. Each RREQ packet contains an ID, the source and destination node IP
addresses and sequence numbers, together with a hop count and control flags. The ID field
uniquely identifies the RREQ packet; the sequence numbers indicate the freshness of
control packets and the hop count maintains the number of nodes between the source and the
destination. Each recipient of the RREQ packet that has not seen the source IP and ID pair, or
does not maintain a fresher (larger sequence number) route to the destination, rebroadcasts the
same packet after incrementing the hop count. Such intermediate nodes also create and preserve
a REVERSE ROUTE to the source node for a certain interval of time. When the RREQ packet
reaches the destination node, or any node that has a fresher route to the destination, a RREP
(Route Reply) packet is generated and unicast back to the source of the RREQ packet. Each
RREP packet contains the destination sequence number, the source and destination IP
addresses and the route lifetime, together with a hop count and control flags. Each intermediate node that
receives the RREP packet increments the hop count, establishes a FORWARD ROUTE to the
source of the packet and transmits the packet on the REVERSE ROUTE. For preserving
connectivity information, AODV makes use of periodic HELLO messages to detect link
breakages to nodes that it considers its immediate neighbors. In case a link break is detected
for a next hop of an active route, a RERR (Route Error) message is sent to the active neighbors
that were using that particular route. Optionally, a Route Reply Acknowledgement (RREP-ACK)
message may be sent by the originator of the RREQ to acknowledge the receipt of the RREP.
The RREP-ACK message has no mutable information.
6. AODV Message Formats
Figure 1: Route Request (RREQ) Message Format
Mutable fields: Hop Count
Figure 2: Route Reply (RREP) Message Format
Mutable fields: Hop Count
Figure 3: Route Error (RERR) Message Format
Mutable fields: None
Figure 4: Route Reply Acknowledgment (RREP-ACK) Message Format
Mutable fields: None
7. Security flaws of AODV
The major vulnerabilities present in AODV are: (i) deceptive incrementing of sequence
numbers and (ii) deceptive decrementing of the hop count.
There are seven main requirements for securing the AODV protocol properly.
A. Authorized nodes to perform route computation and discovery
B. Minimal exposure of network topology
C. Detection of spoofed routing messages
D. Detection of fabricated routing messages
E. Detection of altered routing messages
F. Avoiding formation of routing loops
G. Prevent redirection of routes from shortest paths
Moreover, since AODV has no security mechanisms, malicious nodes can perform many attacks
just by not behaving according to the AODV rules. A malicious node M can carry out the
following attacks (among many others) against AODV:
1. Impersonate a node S by forging a RREQ with its address as the originator address.
2. When forwarding a RREQ generated by S to discover a route to D, reduce the hop count field
to increase the chances of being in the route path between S and D, so that it can analyze the
communication between them.
3. Impersonate a node D by forging a RREP with its address as the destination address.
4. Impersonate a node by forging a RREP that claims that the node is the destination and, to
increase the impact of the attack, claims to be a network leader of the subnet SN with a big
sequence number, and send it to its neighbors.
5. Selectively not forward certain RREQs and RREPs, not reply to certain RREPs and not forward certain data messages.
8. Securing AODV
We assume that there is a key management sub-system that makes it possible for each ad hoc
node to obtain public keys from the other nodes of the network. Further, each ad hoc node is
capable of securely verifying the association between the identity of a given ad hoc node and the
public key of that node. How this is achieved depends on the key management scheme.
Two mechanisms are used to secure the AODV messages: digital signatures to authenticate the
non-mutable fields of the messages, and hash chains to secure the hop count information (the
only mutable information in the messages). For the non-mutable information, authentication is
performed in an end-to-end manner, but the same kind of technique cannot be applied to the
mutable information. The figures given above show the structure of the AODV messages and
indicate which fields of the messages are mutable.
In short, securing the AODV protocol can be divided into the following three broad categories:
1) Key Exchange, 2) Secure Routing and 3) Data Protection.
9. SAODV Introduction
9.1 Secure AODV hash chains
Secure AODV uses hash chains to authenticate the hop count of RREQ and RREP messages in
such a way that allows every node that receives the message (either an intermediate node or the
final destination) to verify that the hop count has not been decremented by an attacker.
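The hop count hash chain described here (and in the distance vector discussion of section 4.1.1), as an added Python example that is not code from this report or from the SAODV draft: the originator seeds the chain and publishes Top_Hash, every forwarder advances the chain as it increments Hop Count, and every receiver re-hashes the remaining distance to check that no one lowered the count. The RREQ field names are chosen for this example, SHA-256 stands in for the hash function, and the signature that would cover the non-mutable fields (including Top_Hash and Max_Hop_Count) is not modelled.

```python
import hashlib
import os
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RREQ:
    # AODV RREQ fields needed here plus the SAODV hash-chain extension (constructed names).
    orig_addr: str
    dest_addr: str
    rreq_id: int
    hop_count: int      # the only mutable AODV field; incremented by each forwarder
    max_hop_count: int  # SAODV extension: hop limit chosen by the originator (signed)
    top_hash: bytes     # SAODV extension: h^max_hop_count(seed), non-mutable (signed)
    hash: bytes         # SAODV extension: h^hop_count(seed), advanced by each forwarder


def h(x: bytes) -> bytes:
    """One-way hash used to build the chain (SHA-256 here)."""
    return hashlib.sha256(x).digest()


def hash_n(x: bytes, n: int) -> bytes:
    """Apply h to x n times."""
    for _ in range(n):
        x = h(x)
    return x


def originate_rreq(orig: str, dest: str, rreq_id: int, max_hop_count: int, seed=None) -> RREQ:
    """Originator: random seed, Hash = seed, Top_Hash = h^Max_Hop_Count(seed).
    Top_Hash and Max_Hop_Count would be covered by the originator's signature;
    Hash and Hop Count stay outside it because they change at every hop."""
    seed = os.urandom(32) if seed is None else seed
    return RREQ(orig, dest, rreq_id, 0, max_hop_count, hash_n(seed, max_hop_count), seed)


def verify_hop_count(msg: RREQ) -> bool:
    """Receiver check: h^(Max_Hop_Count - Hop_Count)(Hash) must equal Top_Hash.
    Lowering Hop Count without a hash preimage cannot satisfy this equation."""
    if not 0 <= msg.hop_count <= msg.max_hop_count:
        return False
    return hash_n(msg.hash, msg.max_hop_count - msg.hop_count) == msg.top_hash


def forward(msg: RREQ) -> RREQ:
    """Honest intermediate node: verify, then advance Hash and Hop Count together."""
    if not verify_hop_count(msg):
        raise ValueError("RREQ failed hash-chain verification; drop it")
    return replace(msg, hop_count=msg.hop_count + 1, hash=h(msg.hash))


def decrement_is_detected(msg: RREQ) -> bool:
    """Would the next receiver reject this message if Hop Count were rewritten one
    lower while Hash stays as received? True means the chain catches it."""
    if msg.hop_count == 0:
        return False  # nothing to lower at the originator
    return not verify_hop_count(replace(msg, hop_count=msg.hop_count - 1))


def demo(seed: bytes = b"constructed-seed-for-demo") -> tuple:
    """Three honest hops, then the tamper check. Returns (hop_count, verifies, detected)."""
    rreq = originate_rreq("10.0.0.1", "10.0.0.9", rreq_id=7, max_hop_count=10, seed=seed)
    for _ in range(3):
        rreq = forward(rreq)
    # Caveat for defenders: the chain only bounds decrements. A node that relays the
    # message unchanged (no increment, no hash advance) still passes verification.
    return rreq.hop_count, verify_hop_count(rreq), decrement_is_detected(rreq)


if __name__ == "__main__":
    print(demo())  # (3, True, True)
```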
9.2 Secure AODV digital signatures
Digital signatures are used to protect the integrity of the non-mutable data in RREQ and RREP
messages. That means that they sign everything except the Hop Count of the AODV message and
the Hash from the Secure AODV extension. When a RREQ is received by the destination itself,
it will reply with a RREP only if it fulfills AODV's requirements to do so. This RREP will be
sent with a RREP Signature Extension. When a node receives a RREP, it first verifies the
signature before creating or updating a route to that host. Only if the signature is verified will it
store the route together with the signature of the RREP and the lifetime.
9.3 SAKM
Simple Ad hoc Key Management (SAKM) provides a key management system that makes it
possible for each ad hoc node to obtain public keys from the other nodes of the network. Further,
each ad hoc node is capable of securely verifying the association between the identity of a given
ad hoc node and the public key of that node. This is achieved by using statistically unique and
cryptographically verifiable addresses.
10. Security Requirements
In most domains, the primary security service is authorization. Routing is no exception.
Typically, a router needs to make two types of authorization decisions. First, when a routing
update is received from the outside, the router needs to decide whether to modify its local routing
information base accordingly. This is import authorization. Second, a router may carry out
export authorization whenever it receives a request for routing information. Import authorization
is the critical service.
In traditional routing systems, authorization is a matter of policy. For example, gated, a
commonly used routing program, allows the administrator of a router to set policies about
whether and how much to trust routing updates from other routers: e.g., statements like "trust
router X about routes to networks A and B". In mobile ad hoc networks, such static policies are
not sufficient (and unlikely to be relevant anyway).
Authorization may require other security services such as authentication and integrity.
Techniques like digital signatures and message authentication codes are used to provide these
services.
In the context of routing, confidentiality and non-repudiation are not necessarily critical services.
The problem of compromised nodes is not addressed here since it is, arguably, not critical in non
military scenarios. Availability is considered to be outside of scope. Although of course it would
be desirable, it does not seem to be feasible to prevent denial-of-service attacks in a network that
uses wireless technology (where an attacker can focus on the physical layer without bothering to
study the routing protocol).
Therefore, in this research work the following requirements were considered:
Import authorization: It is important to note that this does not refer to the traditional
meaning of authorization. What it means is that the ultimate authority on routing messages
regarding a certain destination node is that node itself. Therefore, route information will only be
authorized in a routing table if that route information concerns the node that is sending the
information. In this way, if a malicious node lies about it, the only thing it will cause is that
others will not be able to route packets to the malicious node.
Source authentication: Nodes need to be able to verify that a node is the one it claims to be.
Integrity: In addition, nodes need to be able to verify that the routing information that is
being sent to them has arrived unaltered.
The last two security services combined build data authentication, and they are requirements
derived from the import authorization requirement.
11. Conclusion
The multidimensional trade-offs among security strength, communication overhead,
computational complexity, power consumption and scalability still remain largely unexplored.
So collective efforts from researchers working in different areas such as wireless networking,
mobile systems and cryptography are required to provide the best security in an overall manner for
MANETs. Moreover, finding efficient solutions to attacks on routing protocols in MANETs
is still a very crucial and not much explored open issue.
AODV was developed without security in mind. Because of that, many
security flaws inside AODV have been observed. So there is a solid need to improve AODV by
adding security extensions using key management, digital signatures, hash chains etc.
12. Future Work
I will try to:
Compare different routing protocols for MANETs (e.g. AODV, DSR, DSDV, TORA).
Check possibilities to add security extensions to the selected routing protocol (making a
new secure version of the earlier protocol).
Measure the overall performance, communication overhead, computational complexity and
scalability of the new secure routing protocol against the earlier ordinary (insecure) version of the
protocol.
Study the available secure versions of AODV.
Try to find major problems in the existing secure versions of AODV.